Secure and confidential sharing of digital content

ABSTRACT

Sharing confidential content among devices of participants of digital conversations, the content is provided as an attachment to elements of the digital conversations: registering two or more of the participants; on the devices comprising the attachment: receiving, from the registered participants, a selection of at least one attachment; designating the attachment of the selection as confidential by setting a flag associated with the attachment ON, wherein the attachment to elements is confidential when the flag is set ON, and is not confidential when the flag is set OFF, and displaying a place holder of the attachment; on any of the devices comprising the attachment designated as confidential: authenticating the registered participants; receiving a request to view the content of the attachment designated as confidential from any of the participants; and displaying, without encoding and/or decoding, the content of the attachment designated as confidential only to the authenticated registered participants.

FIELD OF INVENTION

The present system relates to secure and confidential sharing of digitalcontent.

BACKGROUND OF INVENTION

Wired and wireless digital communication devices are becoming ubiquitousand indispensable in daily activities of people worldwide. Such digitalcommunication devices include personal computers, laptops, notebooks,netbooks, tablets, smart televisions, smart phones, watches and othersimilar gadgets, too numerous to list. Connections between these devicesare enabled by the Internet and many varieties of other electronicnetworks, like the wireless 3G and 4G networks, which connect wired andwireless digital communication devices amongst themselves and to theInternet.

Hundreds of millions, probably billions of users of these digitalcommunication devices communicate amongst themselves most commonlythrough Internet based or on-line communication applications, such as,text messengers; various e-mail services; social networks, e.g.,Facebook, Twitter, Instagram, Linkedin, tumblr, flickr, Pinterest, etc.;numerous dating services; and many, many others. This communicationamongst users via the on-line communication applications using thedigital communication devices often entails sharing content. This shareddigital content is commonly maintained on the personal digitalcommunication devices and in databases stored on servers on-line, i.e.,on the Internet.

With great frequency personal digital content, e.g., private texts,personal photographs, bank and credit card account information, contactlists, password and login information for access to personal on-lineaccounts, etc., maintained on digital communication devices, is becomingprey to hackers and unscrupulous individuals without authorization fromthe owners. For example, on Nov. 24, 2014 Sony Pictures EntertainmentCompany was hacked. Confidential content belonging to Sony PicturesEntertainment and many of its employees, i.e., employees' personale-mails, was stolen and some made public.

Prior to the inventive system discussed in the instant document, thesolution to protect the privacy of, or secure the content on thenetworked devices and on-line databases was to disconnect the devicesfrom the networks, cancel the on-line accounts, stop using the on-lineservices, e.g., e-mail, and stop texting and pixing, i.e., sending SMSand multi-media messaging.

This solution is unacceptable in today's interconnected world.Therefore, what is needed is a way to keep the communication of contentincluding messaging and files, secure and confidential.

SUMMARY OF INVENTION

It is an object of the present inventive system to overcomedisadvantages and/or make improvements in the prior art.

It is an object of the inventive system to enable secure andconfidential sharing of digital content.

It is still another object of the present inventive system to enablesecure and confidential sharing of digital content that includesattached files and/or elements of these files;

It is another object of the present inventive system to enable controlduration of retention of the digital content on participants' digitalcommunication devices.

It is yet another object of the present inventive system to enablecontrol of duration of retention of the digital content such that thedigital content is removed from the digital communication devices upondemand and upon a preset condition.

Provided is a method of sharing confidential digital content among aplurality of participants, each utilizing one or more digitalcommunication devices connected to a network, the method includesproviding one or more units of content each unit comprising at least oneelement to one or more digital communication device belonging to atleast one of the plurality of participants; on any of the digitalcommunication devices comprising the one or more units: receiving aselection of at least one element from a participant; designating theselection as confidential, and hiding the designated selection from viewon the digital communication devices. Further, the method provided, onany of the digital communication devices comprising the designatedselection: authenticating the passcode from a viewing participant of theplurality of participants; receiving a request to view the designatedselection from the viewing participant; and displaying the designatedselection to the viewing participant.

BRIEF DESCRIPTION OF DRAWINGS

The invention is explained in further detail, and by way of example,with reference to the accompanying drawings wherein:

1 a and 1 b are screenshots of a user interface of the present inventivesystem illustrating entry of a passcode by participants on their digitalcommunication devices in accordance with a preferred embodiment of thepresent inventive system;

FIG. 2 is a flowchart illustrating creation and/or entry of the passcodeby the participants on their digital communication devices in accordancewith the preferred embodiment of the present inventive system;

FIGS. 3a and 3b are screenshots of a user interface of the presentinventive system illustrating creation of digital content byparticipants on their digital communication devices and securing orhiding of the content in accordance with the preferred embodiment of thepresent inventive system;

FIG. 4 is a flowchart illustrating creation and/or selection of digitalcontent, designation of all or parts of the digital content asconfidential, and displaying of the digital content designated asconfidential by the participants on their digital communication devicesin accordance with the preferred embodiment of the present inventivesystem;

FIG. 5 is a flowchart illustrating selection and displaying of thedigital content designated as confidential by the participants on theirdigital communication devices in accordance with the preferredembodiment of the present inventive system;

FIGS. 6a and 6b are screenshots of a user interface of the presentinventive system illustrating selection of existing digital content byparticipants on their digital communication devices and securing orhiding of the content in accordance with the preferred embodiment of thepresent inventive system;

FIGS. 7a and 7b are screenshots of a user interface of the presentinventive system illustrating setting retention limits on shared digitalcontent by the participants on their digital communication devices inaccordance with as realized in the preferred embodiment of the presentinventive system;

FIG. 8 is a flowchart illustrating setting retention limits on selecteddigital content by the participants on their digital communicationdevices in accordance with the preferred embodiment of the presentinventive system;

FIG. 9 is a flowchart illustrating deletion or whipping out of thedigital content from the participant's digital communication devices inresponse to the retention limits pre-set by the participants beingreached in accordance with the preferred embodiment of the presentinventive system;

FIGS. 10a and 10b are screenshots of a user interface of the presentinventive system illustrating indications of set retention limits onshared digital content in accordance with as realized in the preferredembodiment of the present inventive system; and

FIG. 11 is a diagram illustrating a database table that keeps track ofselection of digital content, designation of all or parts of the digitalcontent as confidential, setting duration of retention and enablingand/or preventing displaying of the digital content designated asconfidential by the participants on their digital communication devicesin accordance with the preferred embodiment of the present inventivesystem;

FIG. 12 is a diagram illustrating an example of a digital communicationdevice in accordance with the preferred embodiment of the presentinventive system.

DETAILED DESCRIPTION OF INVENTION

The following are descriptions of illustrative embodiments that whentaken in conjunction with the following drawings will demonstrate theabove noted features and advantages, as well as further ones. In thefollowing description, for purposes of explanation rather thanlimitation, illustrative details are set forth such as architecture,interfaces, techniques, element attributes, etc. However, it will beapparent to those of ordinary skill in the art that other embodimentsthat depart from these details would still be understood to be withinthe scope of the appended claims. Moreover, for the purpose of clarity,detailed descriptions of well known devices, tools, techniques andmethods are omitted so as not to obscure the description of the presentinventive system. It should be expressly understood that the drawingsare included for illustrative purposes and do not represent the scope ofthe present inventive system. In the accompanying drawings, likereference numbers in different drawings may designate similar elements.

The communication applications like e-mail, chat/texting, socialinteraction applications like facebook and twitter communicate digitalcontent including text messages and/or files that may be sent asattachments to the text messages or sent unaccompanied by text. Thedigital content is communicated between the digital communicationdevices of two or more participants or users of the communicationapplications. A running conversation in such communication applicationsincludes a thread of the exchanged digital content. i.e., messages withor without attachments. The thread is shared by the participants who maybe senders and/or receivers of the content and displayed on theirdigital communication devices.

The present inventive system that achieves the objects set above isdescribed and explained in detail below. It will be readily apparent tothese skilled in the art that the discussed details are applicable toall communication applications, programs, systems, services utilized bythe participants for sharing content using devices via the networksdiscussed above. Also, throughout this document digital content will bereferred to simply as “content” and digital communication devices willbe referred to simply as “devices”.

The functionality of the present inventive system enables its users orparticipants to designate any of the content shared or communicatedbetween the participants' devices as confidential. This functionalitycan be added into any of the communication applications, e.g., thesediscussed above, for example as a plug-in to the code of theseapplications. The content designated as confidential is then sent by oneof the participants, i.e., a sender, and received by designated one ormore participants, i.e., receivers. However, the received contentdesignated as confidential is not displayed on the receiver's device.Instead, a sign is displayed in its stead indicating that confidentialcontent is received and may be viewed upon presenting of validcredentials. As will be explained further below, the receiver of thecontent needs to be authenticated by providing a passcode.

For example, where there are two conversation participants, sender A andreceiver B, sender A may want to keep certain content, i.e., messagesand/or attachments in confidence with receiver B. The reason for thismay be to prevent unauthorized persons from intentionally orinadvertently viewing the communicated confidential content on receiverB's device when, e.g., receiver B's device is left unattended, is lostor stolen, or when an unauthorized person is staring over receiver B'sshoulder or otherwise peering into receiver B's device's screen.However, in accordance with the present inventive system describedherein, viewing of the content designated as confidential requiresauthentication as described herein, thus, only authenticated authorizedparticipants will be enabled to view the content designated asconfidential. Thus, in this example, receiver B is enabled to view thereceived confidential content in private, but only after beingidentified by the present inventive system as a valid authorizedparticipant.

Additionally, in the running conversations between more than twoparticipants, the sender may prefer to share the content with some, notall receivers. For example, sender A may decide to distinguish betweenparticipants B, C, and D having different security clearances, such thatparticipant D has a lower security clearance than the rest of theparticipants. Thus, to share confidential content only with authorizedparticipants (these with the higher security clearance, i.e., B and C)sender A will set security clearance for the confidential content to alevel at which receivers B and C but not receiver D will be able to viewthe content.

Further, the senders can group contact information of the participantsin a manner that participants in one group but not the others can viewthe confidential content. For example, sender A may designateparticipants B and C as members of group (i) and receivers C and D asmembers of group (ii). Then when sender A sends the confidential contentto group (i) participant D is prevented from viewing thus sentconfidential content; and when sender A sends confidential content togroup (ii) participant B is prevented from viewing thus sentconfidential content. The confidential content will be revealed only tothe designated authenticated participants and concealed from others.

As discussed above, the content may include text and have attacheddigital files. The attached digital files may comprise text,spreadsheets, power point presentations, multimedia, i.e., pictures,music, video, and their combinations, etc. The whole or any part of thecontent may be designated as confidential. For example, the text messagemaybe designated as confidential but not the attachments and vice versa,i.e., the attachments maybe designated as confidential but not themessage.

Moreover, the digital files comprise elements that may be selectively,individually or grouped, designated as confidential. The elements of thedigital files may include the following:

-   1. For text based files produced, without limitation, by word    processing programs, applications, and online services, such as    Notepad, Wordpad, Microsoft Office suite, EditPlus, Keynote,    Numbers, Pages, Notes, Open Office, Adobe Acrobat, etc. Elements of    text based files, for example, comprise words, sentences,    paragraphs, chapters, pages, and other similar separator sections.    Any of these elements can be selectively designated as confidential.-   2. For spreadsheet files, produced, without limitation, by, e.g.,    Microsoft Excel and similar programs and services. Elements of    spreadsheet files, for example, comprise specific cells, formulas,    worksheets, rows, columns and etc. The spreadsheet files as a whole    and/or any of these elements can be selectively designated as    confidential.-   3. For multimedia based files including images, video, music or    portions, there of. The image based files may include all image    formats as for example defined by png, jpg, jpeg, Tiff, bmp, gif,    and other image formats extensions. The video based files may    include all image formats as for example defined by avi, dat, mov,    MP4, mpeg, flv and other video formats. The elements of the    multimedia based files are film frames, collection of image pixels    that may be identified by in a coordinate system, and the like. As    with other types of files discussed, the multimedia based files    individually as a whole and/or any of their elements can be    selectively designated as confidential. Of course, the multimedia    based files can be included within the text based files and    designated as confidential individually or as part of the file. Some    of the programs that can create such mixed type files include    Microsoft Office, iWorks, Open Office, etc. Also chat, email, and    Instant Messengers can easily manage sharing of mixed type files.

Passcode

The participants may be required to register for participation in thepresent inventive system. This registration may require selection of avalid login/password combination, or an alternative, before the systemcan be used. In other words unless the participants login into thesystem using a valid login/password combination the features describedbelow will not be made available to them. Alternatively, the use of theentire system may be prohibited. Thus, the use of the login feature forthe present inventive system may be optionally switched ON and OFF.Various methods of registering and authenticating the login/passcodecombinations are familiar to these skilled in the art.

Separate from the login/password authentication the participants areasked to establish a passcode uniquely identifying the participant. Inan alternative embodiment, different passcodes may be established touniquely identifying different devices used by one participant. FIG. 1aillustrates an example of a graphical user interface (GUI) for acceptingthe passcode. The passcode can be a combination of keyboard characters,iris or fingerprint scan, a geometric shape or any similar unique code.Upon authentication, the passcode allows the participants to execute thefeatures of the present inventive system to designate the content on theparticipant's device as confidential and to view the content designatedas confidential that resides on the participant's device. While in thepreferred embodiment the participants are not required to have anauthenticated passcode to designate the content as confidential. Analternative embodiment may require passcode authentication prior todesignating the content as confidential. However, it is important thatthe passcode is authenticated prior to view the content designatedconfidential.

Once the content designated as confidential is shared, i.e., sent orcommunicated, all participants will receive it on their devices.However, only the participants with the authenticated passcode will beable to view it. FIG. 1b illustrates an example of a GUI prompting theparticipants attempting to designate or view the confidential content toauthenticate their passcodes. Alternatively, a visual indication or asound alert may be given to remind the participant to enter thepasscode. Also temporary passcodes may be assigned to selectparticipants, e.g., as a promotion, to enable sharing and viewing ofconfidential content for a limited time or limited number of times.

One example of authenticating the passcode is illustrated in FIG. 2. Asshown, in step S200 it is ascertained that the present inventive systemis available. In step S202 a GUI screen, e.g., FIG. 1a , is displayed,initiating a dialogue with a participant. At step S204 it is determinedif the passcode already exists, if the passcode exists, the passcode isthen modified if at step S206 it is determined that modification isrequired. After the passcode is entered as requested at step S208, it isvalidated in step S210. If the passcode is valid the processingcontinues in step S214. Alternatively, if at step 204 it was determinedthat the participant does not have a valid passcode, a new uniquepasscode is created in step S212. The passcode is entered when requestedat step S214 and re-entered at step S216. Step S218 matches entries atsteps S214 and 216, the passcode is approved in step S222, otherwisestep S220 indicates that the entries do not match and entry/re-entry ofthe passcode back at steps S214/S216 is repeated.

Secure Sharing

FIG. 3a illustrates a GUI displaying a confidentiality icon depicted asa lock. Appearance of the icon may be affected by authentication of thepasscode since it enables the confidentiality feature for theauthenticated participant. A confidentiality icon may appear on thescreen or if already present be bolded to indicate that it is enabled(by passcode authentication) and is active. The location of theconfidentiality icon is selected so as to be easily and convenientlyaccessed when a new message is typed and/or when an existing content isselected for sharing. It will be readily recognized that theconfidentiality icon may be identified by different images, may beplaced at different locations in the GUI and that alternative to theicon may be used.

As further shown in FIG. 3a , new content is created in a form of asentence “Keep it confidential” typed into a message box in the GUI. Todesignate the new content, i.e., the sentence “Keep it confidential” asconfidential, the confidentiality icon, i.e., the lock, is selected,e.g., by pressing or touching. It is apparent that the new content canbe designated as confidential before and/or after the message is typed,and the confidential designation may be given to any message that istyped until an indication that this is no longer required is received,i.e., until the setting is removed, as for example pressing theconfidentiality icon again, twice, or holding it down for a presetperiod. Also, instead of using the icon, a flag maybe turned set andre-set by going into the settings of the present inventive system todesignate the content as confidential and to remove the setting.

Once the new content is created and designated as confidential, it canbe shared with designated receivers by, for example, selecting ortouching the word “send” located next to the text box. The manner ofcreation and sending of the content is known to these skilled in the artfrom e-mail, chat, and word processing applications.

Referring now to FIG. 3b , the content, “Keep it confidential” isreceived on the receiver's device, however, because it is designated asconfidential by the sender, it is not immediately viewable on thereceiver's device. Instead of the words “Keep it confidential”appearing, a new bubble including an indication: “eWhisper”. This orsome other selectable message, alerts or indications to the receiverthat the received content is designated as confidential by the sender.For example, as illustrated in FIG. 3b a graphical indication may beused, e.g., an image of the lock under the bubble in which the words“eWhisper” appear.

To see the hidden contents of the received message, the receiver willneed to select, touch the “eWhisper” bubble. If the receiver has alreadyauthenticated the passcode the message “Keep it confidential” will bedisplayed in the bubble instead of “eWhisper” after being touched orselected by the receiver. Also as discussed above, if the receiver hasnot authenticated its passcode, after touching or selecting the bubblereading “eWhisper” the receiver is prompted to provide the passcode, asshown in the example of FIG. 1 b.

One example of designating the digital content as confidential using thepasscode is illustrated in FIG. 4. As shown, in step S400 it isascertained that new content is created or existing content is selected.In step S402 the participant is asked how many and/or what specificelements of the information should be secured as confidential. If, theparticipant indicates that all content to follow is to be designated asconfidential, then a “receiver level” lock (a flag) is set and enabledat step S406. At step S408 the present inventive system enables furthersharing of all content to be confidential or hidden. Finally at stepS418 the text, e.g., “eWhisper” is displayed alone or in conjunctionwith the graphical lock indication as shown in FIG. 3b , to indicatethat the content is confidential and therefore is hidden.

If at step S402, the participant indicates that only the current contentis to be designated as confidential, then at step S410 the participantis asked if all or part of the current content should be madeconfidential. If the answer is only a part, the participant is enabledat step S412 to select the desired part (see, element as discussedabove). At step S414 the lock is enabled and the selected content isdesignated confidential, i.e., hidden in step S416. As discussed above,at step S418 the text, e.g., “eWhisper” and/or the graphical indicationas in FIG. 3b , is displayed to indicate that a portion of the contentis confidential and therefore is hidden.

However, if at step S410 the participant answers that all of the contentis to be confidential, the lock is enabled at step S420 and the contentis designated confidential, i.e., hidden in step S422. As discussedabove, at step S418 the text, e.g., “eWhisper” and/or the graphical lockindication, as in FIG. 3b , are displayed to indicate that a portion ofthe content is confidential and therefore is hidden.

One example of a participant (sender and/or receiver), using thepasscode for displaying the digital content that was secured asconfidential and shared, i.e., communicated is illustrated in FIG. 5. Asshown, it is first ascertained in step S500 that content is secured orin other words locked for viewing. In step S502 the unlocking sequenceis initiated by determining, in step S504, if the participant hasalready created the passcode. If the passcode was entered, theprocessing proceeds to step S510. Otherwise step S506 leads theparticipant through the passcode authentication process discussed abovewith reference to FIG. 2. In step S508 it is verified that the passcodeis now created/entered.

After, in steps S510 and S512, the passcode is verified, i.e., thereceiver may be asked to re-enter the passcode if any discrepancy isdiscovered, the secured content is displayed in step S514. Afterdisplaying the content, if at step S516 it is ascertained that theparticipant has triggered the locking functionality, the content islocked again in step S518.

It is noted that for sharing, any content (see, discussion of thecontent above) newly created, downloaded or pre-existing on theparticipants' devices can be designated as confidential. An example ofthis is illustrated in FIGS. 6a and 6b , where one of the pre-existingmessages reading “Good Morning” is selected for confidential sharing. Inthe example, the participant selects or touches the message and ispresented with actionable options, e.g., delete; copy; secure; andforward (FIG. 6a ). While other options may be familiar to these skilledin the art, by selecting the “secure” option the participant designatesthe message “Good Morning” to be confidential. In response to thisdesignation, as shown in FIG. 6b , the message “Good Morning” is nolonger viewable and is replaced by an indication, i.e., “eWhisper” thatthis particular content is confidential and requires additional actionfor viewing.

In situations where the sender's passcode is authenticated but thereceiver's is not, sharing of the confidential content with theunauthenticated receiver may be prevented. Alternatively, theconfidential content may be shared anyway since it will not be possiblefor unauthorized receivers to view the confidential content. Also, oncethe receiver realizes that the passcode is required to read the sharedconfidential content, that participant will request authentication asdescribed with reference to FIGS. 1a and 1 b.

It is noted that the present inventive system may send the actualconfidential content to the receiver's device in anticipation that theshared confidential content will be opened and viewed. However,alternatively, instead of the actual content only an indication of theshared confidential content, e.g., the indication “eWhisper” as in FIG.6a , can be sent. The actual confidential message can be sent only whenthe receiver attempts to open and view the shared content.

It will readily appreciated by these skilled in the art that the presentinventive system discussed herein is easily adaptable to function withall content sharing and communication applications, e.g., e-mail andchat applications, all social network applications, and etc. Anydifferences found in implementation of these applications do not affectthe features discussed in this document.

Retention

To further secure sharing of the content, regardless of weather theshared content is designated as confidential, i.e., secured as discussedabove, the following is achieve by the present inventive system. Thesender may mark the shared content, e.g., by setting a flag, to indicatethat other participants are not to further share the shared content.This will prevent the receivers from copying or forwarding theconfidential messages to additional participants. Alternatively, asdiscussed in examples above, sharing may be allowed with receiversspecified by designation or by groups.

Furthermore, removing the content from the devices, e.g., running threadin a messaging conversation will make it less likely that such contentwill be viewed by unauthorized persons. Accordingly, duration ofretention of the shared content on the receivers' devices and in on-linedatabases, e.g., on the e-mail servers, that may store the sharedcontent, may be limited. FIGS. 1b, 3a, 3b, 6a and 6b illustrate an icondepicted as a clock. The sender selects this icon to choose a specificduration for the shared content to remain on the receiver's device afterit is received and before it is deletes/removed. It is noted that thelocation of the clock icon is selected so as to be easily andconveniently accessed when the duration of a newly created or existingcontent is defined. It will be readily recognized that different icons,locations and designations may be used.

As shown in FIG. 7a , the new content is typed into the text window:“This message disappears in 30 secs”. By pressing or touching the clockicon time maybe selected from a drop down menu or typed in. Othermanners of providing values, for example, using a page of time valuesshown in FIG. 7b may also be used. As indicated in FIG. 7b , theduration time may be set in seconds, minutes, hours, or days.Alternatively, a number of times that the message is viewed maybe usedto determine when the shared content is deleted.

One example of a retention control of shared confidential digitalcontent is illustrated in FIG. 8. As shown, in step S800 it isascertained what content is ready to be shared. In step S802 theparticipant is asked to indicate whether only the current content or allcurrent and future content designated to be shared with a particularreceiver is to be given a retention limit. If the participant (sender orreceiver) indicates that all current and future content is to be giventhe same retention limit, a retention limit is enabled at a receiverlevel of the present inventive system at steps S804 and S806.

If the participant (sender or receiver) indicates that only the currentbut not the future content is to be given the retention limit, aretention limit is enabled at a sharing level of the present inventivesystem at step S806 the participant is asked if the retention limitshould be set for all or only a part of the current content. At stepS814 the participant selects the part of the content for which theretention limit is to be set.

Retention processing is then enabled at steps S822, S816 and S806 andretention limit is set at steps S826, S820 and S810, respectively. Afterwhich the content is shared with the other participants. As shown instep S830, the shared content is marked with indications of retentionlimit. Thus, on the receivers' devices the shared content will bedeleted when the present inventive system detects that the retentionlevel is reached.

The present inventive system can also designate the duration to be“delete after read” (or delete after viewed or heard in case of videoand audio content). This specifies that the shared content must beremoved from the receivers' devices once it is determined that thereceiver has viewed or read the shared content. Alternatively, a numberof views (reads) may be set, to indicate how many times the sharedcontent may be viewed before it is deleted. For example, “delete afterread twice”. Similar to the discussion above, with regard to duration ofthe shared content, which is removed or deleted from the receiver'sdevice upon expiration of the established duration, when the “deleteafter read” is set, the shared content is deleted once it is determinedthat the shared content was viewed.

When the duration the confidentiality of the content are set together,i.e., the message is typed, the lock icon is pressed, then the clockicon is pressed and the duration time or “delete after reading” is set.The content is thus made confidential and will be deleted from thereceivers' devices after it is shared and the condition of durationexpires. Thus, when the duration condition is met, i.e., the timeelapses or the timer value is reached, the shared content is removed anddisappears from the receiver's device without leaving any trace. It isworth noting that for the sharing of confidential content, the countdown of the duration time may be selected to start from when theconfidential content is received on the device or when it is unlocked bythe receiver. Conversely, since the “Delete After Read” setting is notbased on time, the determination of when the shared content is read maybe, for example, determined by monitoring the receiver's use of therespective device, e.g., screen navigation or uses of otherapplications.

One example of how retention control of shared confidential digitalcontent may be implemented is illustrated in FIG. 9. As shown, in stepS900 it is ascertained if any retention control is available. In stepS902 the retention information is displayed. Examples of this are shownin FIGS. 10a and 10b where an image of the clock and text “30 Sec” aredisplay beneath the bubble of content reading: “This message disappearsin 30 secs” and where an image of the clock and text “Delete After Read”are display beneath the bubble of content reading: “This message isdeleted after it is read”. In FIG. 10b the last message was designatedconfidential and, thus, is hidden. Instead “eWhisper” is written insidethe bubble and an image of the lock is displayed with the image of theclock and the text “Delete After Read” beneath the bubble.

Returning to FIG. 9, at step 904 a retention counter is initialized forthe specific content, while at step S906 it is determined whether theparticipant, the user of the current digital communication device is thesender or receiver of the retention restricted content. The function isterminated at step S910 if at step S908 it is established that theparticipant is the sender who set the restriction. Further, if theretention restriction limit was reached as determined in step S912 thecontent is removed from the display in step S916 and completely wipedoff the digital communication device in step S918. Otherwise the contentis retained in step S914 and step S912 continues to monitor is therestriction limit is reached.

In one exemplary embodiment, the above described inventive system mayachieve its goals as follows. A database 1100 may be provided in whichthe content residing on the device is referenced, e.g., by address ondisc, name and folder name, and etc., in field 1104. All content that issent or received on the participants' device is registered with thedatabase 1100. If a size of the content is small, e.g., an SMS message,the whole content may be stored on the database 1100 in the field 1104.The tables 1102 in the database 1100 may be set up to include additionalfields associated with the content referenced in the field 1104. Thesefields may include a confidentiality flag 1106 indicating that thecontent is confidential, and a retention byte or word 1108 indicatingthe duration of the content before it is deleted. When, as discussedabove with reference to at least FIGS. 4 and 5 the content is selectedand the lock icon is pressed to designate the content as confidential,this action triggers the system to set the confidentiality flag 1106 forindicating that the content referenced in the field 1104 is designatedconfidential and to be hidden from view.

Sharing of the content among the participants, also shares itsassociated properties, the above discussed fields, in the tables 1102.When received on the participants' devices the content and itsassociated properties are stored on the local database in the tables1102. Unlocking of the content is achieved when the flag 1106 in arecord 1112 uniquely associated with the selected content is set orre-set in response to the participant, here the receiver because sharedor communicated content is being discussed, providing an authenticatedpasscode. See discussion above relating to passcode.

Actions that can be perform and affect the shared/communicated content,e.g., forwarding, copying, deleting, may be allowed or prohibited basedon the state of the flag 1106 in the local database 1100. For example,if the flag 1106 is set, the participant is prohibited from forwardingthe content. Of course additional field in the tables 1102 may beprovided specifically for dealing with these and other actions affectingthe content.

The inventive system consults the tables 1102 on the participant'sdevice any time an operation is performed on the content, as for examplewhen the content is displayed. After checking if the confidential flag1106 in the record 1112 uniquely associated with the content is set, thesystem will, display the content if the confidential flag 1106 is in are-set state or not display the content, instead displaying anindication, e.g., “eWhisper” (see FIG. 3b ) if the confidential flag1106 is set. Entering of the authenticated passcode temporarily resetsthe confidential flag 1106 to its re-set state indicating to the systemthat the content can be displayed but then, after display theconfidential flag 1106 is set again for preventing future unauthorizedviewing. The flag 1106 is reset temporarily so as to hide the contentafter the viewing. The participant may opt to unlock the contentpermanently.

The retention feature of the inventive system, discussed above withreference to FIGS. 8 and 9, may be achieved in a similar way. Individualtables 1102 of the database 1100 may further include a field 1108 in therecord 1112 uniquely associated with the content. The time duration oran indication of delete after read provided by the participants, asdiscussed with reference to FIGS. 7a, 7b , 8 and 9, is entered in thefield 1108. As discussed, when the content is shared among theparticipants, the relevant properties of the tables 1102 along with thetime and other information in the retention field 1108 are shared withalong with the content. It is noted that as the timer is run down orincreased, the retention field 1108 in the database 1100 is updated. Therunning totals of the time remaining are then displayed to theparticipants.

Further, the tables 1102 may include a field 1110 for listing indicatorsor identifiers of elements in the content files. These elements arediscussed above and may be addressed, for example by page, line,chapter, word numbers, etc. Also HTML, XML, and similar language codescan be addressed and stored in the tables 1102.

As indicated, a record 1112 is established for each of the sharedcontent so as to uniquely associate with a respective shared content,whether designated as confidential and/or designated to have a retentionrestriction, sent or received on the devices. Therefore, when thecontent is deleted from the device, its associated record 1112 is alsodeleted from the table 1102 in the database 1100.

It is foreseen that applying the present inventive system describedabove with reference to the Figures to content sharing applications invarious industries will help prevent unauthorized viewing. For example,such industries may include banking. Many banks have migrated theirmonthly reporting to the clients and customers to paperless statements,i.e., receiving monthly statements in digital form instead of printed onpaper. Such statements and other banks' digital communication includecredit card/debit card account information and other bank accountstatement details. Thus, communicating (sharing) of the digitalstatements in the form of secure confidential content discussed abovewill ensure secrecy and assure the customer that the account informationis shared safely and confidentially.

Further, for banks and any institution or company that requires theirclients or customers to use login/password combinations, sharing orcommunicating this information digitally can now be secured inaccordance with the present inventive system. Thus, for companies whoused to send “pin” information by snail mail, i.e., debit card pincodes, are now able to share this content digitally.

In accordance with the present inventive system Individuals, groups, andorganizations will benefit from the ability to share sensitiveconfidential content, for example, Board of Directors meetings outliningrevenues, sensitive ongoing and future projects, as well as secret orsensitive partnerships and/or acquisitions; sales figures, planed salestargets, sales proposal, quotes; marketing methods and budgets. Also,the medical insurance companies, medical facilities, laboratories,doctors, and hospitals can use the secure communication of digitalconfidential content to securely convey sensitive content, like medicalinformation including pre-existing conditions, health check-up details,and insurance information; reasons for medical claims and for theirdenial, claim amounts, sum assured limits, etc.

Of course an ability of making the confidential content to vanish aftera predetermined period of time or as soon as the receiver has read it,used it, or performed some other action, provides additional security.

Finally, FIG. 12 shows a system 1200 which represents an example of acomputing device utilized to implement the present inventive systemdescribed above as well as the digital communication devices used by theparticipants. The system 1200 includes a computing device 1204 that hasa processor 1212 operationally coupled to a memory 1214, a renderingdevice 1208, such as one or more of a display, speaker, etc., a userinput device 1206 and a network 1202 operationally coupled to thecomputing device 1204. The application data and other content arereceived by the processor 1212 and are used to perform operation acts inaccordance with the present inventive system and method. The operationacts include controlling at least one of the rendering device 1208 torender one or more of the GUIs and/or to render content in accordancewith the present inventive system as illustrated in FIGS. 1a, 1b, 3a,3b, 6a, 6b, 7a, 7b, 10a and 10b . The user input 1206 may include akeyboard, mouse, trackball or other devices, including touch sensitivedisplays, which may be stand alone or be a part of a system, such aspart of a personal computer, personal digital assistant, mobile phone,converged device, or other rendering device for communicating with theprocessor 1212 via any type of link, such as a wired or wireless link.The user input device 1206 is operable for interacting with theprocessor 1212 including interaction within a paradigm of a UI such as aGUI and/or other elements of the present inventive system, such as toenable web browsing, content selection, such as provided by left andright clicking on a device, a mouse-over, pop-up menu, radio button,etc., such as provided by user interaction with a computer mouse, etc.,as may be readily appreciated by a person of ordinary skill in the art.

In accordance with an embodiment of the present inventive system, therendering device 1208 may operate as a touch sensitive display forcommunicating with the processors 1212 (e.g., providing selection of aweb browser, a Uniform Resource Locator (URL), portions of web pages,etc.) and thereby, the rendering device 1208 may also operate as a userinput device. In this way, a user may interact with the processor 1212.Clearly the user device 1204, the processor 1212, memory 1214, renderingdevice 1208, an optional disk 1210 and/or user input device 1206 may allor partly be portions of a computer system or other device, and/or beembedded in a portable device, such as a mobile telephone, personalcomputer (PC), tablet, personal digital assistant (PDA), convergeddevice such as a smart telephone, etc.

The methods of the present inventive system are particularly suited tobe carried out by a computer software program, such program containingmodules corresponding to one or more of the individual steps or actsdescribed and/or envisioned by the present inventive system. Suchprogram may of course be embodied in a computer-readable medium, such asan integrated chip, a peripheral device or memory, such as the memory1214 or other memory coupled to the processor 1212.

The computer-readable medium and/or memory 1214 may be any recordablemedium (e.g., RAM, ROM, removable memory, CD-ROM, hard drives, DVD,floppy disks or memory cards) or may be a transmission medium utilizingone or more of radio frequency (RF) coupling, Bluetooth coupling,infrared coupling etc. Any medium known or developed that may storeand/or transmit information suitable for use with a computer system maybe used as the computer-readable medium and/or memory 1214.

Additional memories may also be used. The computer-readable medium, thememory 1214, and/or any other memories may be long-term, short-term, ora combination of long-term and short-term memories. These memoriesconfigure processor 1212 to implement the methods, operational acts, andfunctions disclosed herein. The operation acts may include controllingthe rendering device 1208 to render elements in a form of a UI and/orcontrolling the rendering device 1208 to render other information inaccordance with the present inventive system. The memories may beimplemented as electrical, magnetic or optical memory, or anycombination of these or other types of storage devices.

The network 1202 should be understood to include further networkconnections to other user devices, systems (e.g., servers), etc. Whilenot shown for purposes of simplifying the following description, it isreadily appreciated that the network 1202 may include an operableinterconnection between processors, memories, displays and user inputssimilar as shown for the user device 1204, as well as networked servers,such as may host web sites, etc. Accordingly, while the descriptioncontained herein focuses on details of interaction within components ofthe user device 1204 and other user devices and servers, it should beunderstood to similarly apply to interactions of other devices operablycoupled to the network 1202.

The processor 1212 is capable of providing control signals and/orperforming operations in response to input signals from the user inputdevice 1206 and executing instructions stored in the memory 1214 or ondisk 1210. The processor 1212 may be an application-specific orgeneral-use integrated circuit(s). Further, the processor 1212 may be adedicated processor for performing in accordance with the presentinventive system or may be a general-purpose processor wherein only oneof many functions operates for performing in accordance with the presentinventive system. The processor 1212 may operate utilizing a programportion, multiple program segments, or may be a hardware deviceutilizing a dedicated or multi-purpose integrated circuit.

Thus, while the present inventive system has been described withreference to exemplary embodiments, it should also be appreciated thatnumerous modifications and alternative embodiments may be devised bythose having ordinary skill in the art without departing from thebroader and intended spirit and scope of the present inventive system asset forth in the claims that follow.

The section headings included herein are intended to facilitate a reviewbut are not intended to limit the scope of the present inventive system.Accordingly, the specification and drawings are to be regarded in anillustrative manner and are not intended to limit the scope of theappended claims.

In interpreting the appended claims, it should be understood that:

a) the word “comprising” does not exclude the presence of other elementsor acts than those listed in a given claim;b) the word “a” or “an” preceding an element does not exclude thepresence of a plurality of such elements;c) any reference signs in the claims do not limit their scope;d) several “means” may be represented by the same item or hardware orsoftware implemented structure or function;e) any of the disclosed elements may be comprised of hardware portions(e.g., including discrete and integrated electronic circuitry), softwareportions (e.g., computer programming), and any combination thereof;f) hardware portions may be comprised of one or both of analog anddigital portions;g) any of the disclosed devices, portions thereof, acts, etc., may becombined together or separated into further portions, acts, etc., unlessspecifically stated otherwise;h) no specific sequence of acts or steps is intended to be requiredincluding an order of acts or steps indicated within a flow diagram; andi) the term “plurality of” an element includes two or more of theclaimed element, and does not imply any particular range of number ofelements; that is, a plurality of elements may be as few as twoelements, and may include an immeasurable number of elements.

1. A method of sharing confidential content among communication devicesof participants of digital conversations, the content is provided as anattachment to elements of the digital conversations, the communicationdevices are connected to a network and configured to display thecontent, the method comprising steps of: registering two or more of theparticipants; on any of the communication devices comprising theattachment to elements: receiving, from the registered participants, aselection of at least one attachment to elements; designating the atleast one attachment to elements of the selection as confidential bysetting a flag associated with the at least one attachment to elementsON, wherein the at least one attachment to elements is confidential whenthe flag is set ON, and is not confidential when the flag is set OFF,and displaying a place holder of the at least one attachment toelements; on any of the communication devices comprising the at leastone attachment to elements designated as confidential: authenticatingthe registered participants; receiving a request to view the content ofthe at least one attachment to elements designated as confidential fromany of the participants; and displaying, without encoding and/ordecoding, the content of the at least one attachment to elementsdesignated as confidential only to the authenticated registeredparticipants.
 2. The method of claim 1, wherein the network is theInternet and the connection is at least one of wired and wireless. 3.The method of claim 1, wherein the attachment and elements are providedby a step selected from one of: creating, downloading via the network,copying from a fixed and/or removable medium, receiving via Bluetoothand/or near field communication technology and receiving via wiredand/or wireless network.
 4. The method of claim 1, wherein the step ofauthenticating comprises steps of: registering a passcode for uniquelyidentifying the registered participants; and supplying the passcode tothe communication devices prior to or at a time of performance of thesteps of receiving a selection and receiving a request.
 5. The method ofclaim 1, further comprising a step of associating a record having atleast one flag uniquely with respective of the at least one attachmentto elements, wherein the flag being ON indicates that the associated atleast one attachment is confidential and the flag being OFF indicatesthat the associated at least one attachment is not confidential.
 6. Themethod of claim 5, further comprising a step of distributing the recordto the communication devices of the registered participants.
 7. Themethod of claim 6, wherein the step of distributing further comprisessteps of: communicating information in the record to the communicationdevices; and upon receipt establishing, on the communication devices, alocal copy of the record.
 8. The method of claim 7, wherein theinformation in the local copy of the record indicates if displaying andcopying the content provided as the attachment and designated asconfidential is allowed or prohibited.
 9. The method of claim 1, furthercomprising steps of: before the step of designating, requesting todesignate the received selection as confidential; and. electing for thedesignation one of: the received selection only and every receivedselection.
 10. The method of claim 5, wherein the step of receiving aselection further comprises steps of: requesting to set a retentionvalue; and setting the retention value.
 11. The method of claim 10,wherein the step of setting the retention value further comprises thestep of: electing that the retention value be set for one of: thereceived selection only and every received selection.
 12. The method ofclaim 10, wherein the retention value is selected from at least one of:time and a number of views, the time indicates how long the selection isallowed to exist before it is deleted, and the number of views indicateshow many times the selection is to be viewed before it is deleted. 13.The method of claim 10, wherein the step of setting the retention valuesets a duration of retention in a field of a record uniquely associatedwith the at least one attachment to elements, the field not null orempty indicates that a retention value is set for the at least oneattachment to elements of the selection.
 14. A method of sharingconfidential content among communication devices of participants ofdigital conversations, the content is provided an attachment to elementsof the digital conversation, the communication devices are connected toa network and configured to display the content, the method comprisingsteps of: registering two or more of the participants; on any of thecommunication devices comprising the attachment to elements: receiving,from the registered participants, a selection of at least one attachmentto elements; setting a retention value for the at least one attachmentto element of the selection; designating the at least one attachment toelements of the selection as confidential by setting a flag associatedwith the at least one attachment to elements ON, wherein the at leastone attachment to elements of the selection is confidential when theflag is set ON, and is not confidential when the flag is set OFF, anddisplaying a place holder of the at least one attachment to elements; onany of the communication devices comprising the at least one attachmentto elements designated as confidential: authenticating the registeredparticipants; receiving a request to view the content of the at leastone attachment to elements designated as confidential from any of theparticipants; displaying, without encoding and/or decoding, the contentof the at least one attachment to elements designated as confidentialonly to the authenticated registered participants; and deleting the atleast one attachment to elements designated as confidential uponexpiration of the retention value.
 15. The method of claim 14, whereinthe step of designating the selection as confidential comprises a stepof requesting to designate the selection as confidential; and the stepof setting a retention value further comprises a step of requesting toset the retention value.
 16. The method of claim 15, wherein the step ofrequesting to designate, elects one of the received selection only, andevery received selection to be designated as confidential; and the stepof requesting to set the retention value elects that the retention valuebe set for one of: the received selection only and every receivedselection.
 17. The method of claim 14, wherein: the step of designatingthe selection further comprises the step of associating a record havingat least one flag uniquely with respective of the at least oneattachment to elements, wherein the flag being ON indicates that theassociated at least one attachment is confidential and the flag beingOFF indicates that the associated at least one attachment of theselection is not confidential; and wherein the step of setting aretention value sets the retention value in a field of the record, thefield not being null or empty indicates that a retention value is setfor the at least one attachment to elements of the selection, whereinthe field maintains the running down or decrease of the retention value.18. The method of claim 17, further comprising a step of distributingthe record over the network to the communication devices of theparticipants.
 19. The method of claim 18, wherein the step ofdistributing further comprises steps of: communicating the informationin the record; and upon receipt establishing, on the communicationdevices, a local copy of the record, wherein the information in thelocal copy of the record indicates if displaying the content of thedesignated confidential selection is allowed or prohibited and when todelete the content associated with the designated confidentialselection.
 20. A non-transitory computer readable medium comprisingcomputer readable code, which when executed by a computer performs amethod of sharing confidential content among communication devices ofparticipants of digital conversations, the content is provided as anattachment to elements of the digital conversations, the communicationdevices are connected to a network and configured to display thecontent, the method comprising steps of: registering two or more of theparticipants; on any of communication devices comprising the attachmentto elements: receiving, from the registered participants, a selection ofat least one attachment to elements; designating the at least oneattachment to elements of the selection as confidential by setting aflag associated with the at least one attachment to elements ON, whereinthe at least one attachment to elements is confidential when the flag isset ON, and is not confidential when the flag is set OFF, and displayinga place holder of the at least one attachment to elements; on any of thecommunication devices comprising the at least one attachment to elementsdesignated as confidential: authenticating the registered participants;receiving a request to view the content of the at least one attachmentto elements designated as confidential from any of the participants; anddisplaying, without encoding and/or decoding, the content of the atleast one attachment to elements designated as confidential only to theauthenticated registered participants.